Chicago_Guy asked:

Need help cleaning a system of Malware/Virus/Bad things

Hello All,

Been working on a friend's computer for a while now. It's running Windows XP Home. It had/has multiple infections of various types. Ran Malwarebytes and installed Norton Security, both of which found multiple items and cleaned them. Also ran the Microsoft Malicious Software Removal Tool. I am at the point that the scanners are coming back as clean, but there is still something left, or there is damage to XP that needs to be fixed. I just found a way back into safe mode, which I was blocked out of until I found a post that had a registry file to use to get into it. Running a Malwarebytes full scan again at the moment. I believe the Administrator account was also disabled, and I still need a way to fix that.

I realize I need to probably post a HijackThis log or something for you all to look at. Will do in a few hours after I sleep a bit and the MB scan finishes. Until then, any general suggestions to start with at this point?

Of course all help will be greatly appreciated.
Houssam Ballout:

davorin:
Try to do a system restore to a couple of days before the system was infected and then scan the computer again.
I know it's not always feasible, but would it not be easier just to back up his files and reformat the machine? It sounds like you spent quite a few hours working on it, and the end result will be "clean", but is there any other damage? I would format/install/update and protect. When I say update, that means update everything, not just Windows. Flash and Adobe Reader are the most vulnerable apps at the moment.
I've seen many infected systems. Download and run TDSSKiller and SUPERAntiSpyware.

If ComboFix, TDSSKiller, Norton, Malwarebytes and SUPERAntiSpyware don't work, then you are probably better off in the long run backing up all data files, performing a clean install and copying your user files back on.
Also use Spybot.
Dr. Klahn:

I tend to agree with the above comments regarding reformatting and starting from scratch.

Figuring an hour to reinstall XP, two hours to install all the updates, another hour to configure it to the user's liking, and half an hour for each application installed. When you hit the eight-hour mark trying to repair, it's probably more sensible to start over.

There will be guaranteed good results with a clean install.  There won't be guaranteed good results cleaning up a heavily infested system, and at any time something unpleasant may pop up that renders the system unusable.

A side benefit of doing a clean install is that the unhappy loss of settings, customizations and whatnot may prompt the owner to be more careful in the future.

FWIW: I've never seen a system operate correctly with Norton installed. Suggest a different antivirus such as AVG.
ASKER CERTIFIED SOLUTION by K_Wilke (available to members only)
Chicago_Guy (asker):

Yeah, I agree with you all that a wipe and reinstall would be best, but this is my friend's business computer, and if it can be fixed without that, I have to try to.

Ok, in safe mode Malwarebytes on full scan found nothing.

Ran TDSKiller, found nothing.

Running SuperAntiSpyware, it says it has found 300 tracking cookies, and Trojan.Agent/Gen-Cryptor[Egun]. Scan still running.

With combofix, can I post the log here or should I use bleepingcomputer? Lots of warnings about "using it without supervision". I am not a novice, but I have never used combofix before.

Thank you all for the help so far!
Pointed question to ask your friend:

"Since this system is your business computer, and it is used to keep your business running, which is presumably important, and the system didn't infect itself, whose carelessness let all these things get into your system?"
Do not run Malwarebytes or TDSSKiller in safe mode; do them (and ComboFix) in regular mode.
As far as the pointed question, I agree, but that is why you license Malwarebytes and run it in protected mode. It will not let you go to websites with possible malware on them.
Thanks,
Kelly W.
Dr. Klahn - I fully agree, and it has been discussed at length. Now I am picking up the pieces.

And yes he will hopefully owe me (and of course all of you) big time.

Ok, SUPERAntiSpyware supposedly has taken care of Trojan.Agent/Gen-Cryptor[Egun].

Going to reboot and do scans in normal mode.
Ok, ran TDSSKiller in normal mode; it found nothing.

Running Malwarebytes full scan now, so far nothing.

Other issues:
I was able to log on as the administrator, but I am getting "an access denied error was returned while attempting to change a service. You may need to log on using an Administrator account to make the specified changes" when trying to change settings in msconfig.

Also, Automatic Updates is disabled, and the configuration window is greyed out even on the administrator account.

Is there anything that will take care of those issues?
Run ComboFix, found here:
http://www.bleepingcomputer.com/download/anti-virus/combofix
Let it do its thing. It might take a while to run fully.
Thanks,
Kelly W.
Ok, ran ComboFix,

still cannot enable Automatic Updates,

here is the log, and after that a HijackThis log as well:

ComboFix 11-09-02.04 - JJAdmin 09/02/2011  18:07:08.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2037.1340 [GMT -5:00]
Running from: c:\documents and settings\JJAdmin\Desktop\ComboFix.exe
AV: Live Security Suite *Disabled/Updated* {F5BECBCD-2BE5-47BA-A5C6-F4E8AEC7EDF0}
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\mrfec\20050617143850734_SF-555P_print_eng.exe
c:\documents and settings\mrfec\g2mdlhlpx.exe
c:\documents and settings\mrfec\gosetup.exe
c:\documents and settings\mrfec\System
c:\documents and settings\mrfec\System\win_qs8.jqx
c:\documents and settings\mrfec\WINDOWS
c:\progra~1\HEADLI~2\bar\1.bin\29BAr.dll
c:\program files\HeadlineAlley_29\bar\1.bin\29BAr.dll
c:\program files\HeadlineAlley_29\bar\1.bin\29SRcas.dll
c:\program files\Object\bho_project.dll
c:\windows\MailSwitch.ocx
c:\windows\system32\comct332.ocx
c:\windows\system32\restart.exe
c:\windows\system32\win.ini
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_WEBSERVER
.
.
(((((((((((((((((((((((((   Files Created from 2011-08-02 to 2011-09-02  )))))))))))))))))))))))))))))))
.
.
2011-09-02 22:17 . 2011-09-02 22:20      --------      dc----w-      c:\documents and settings\JJAdmin
2011-08-29 14:28 . 2011-08-29 14:28      --------      d-----w-      c:\program files\Defraggler
2011-08-28 22:48 . 2011-08-28 22:48      --------      d-----w-      c:\program files\Trend Micro
2011-08-27 19:27 . 2010-07-26 18:42      52080      ----a-w-      c:\windows\system32\Spool\prtprocs\w32x86\GoToPrintProcessor.dll
2011-08-27 19:27 . 2011-08-27 19:27      --------      dc----w-      c:\documents and settings\All Users\Application Data\CitrixLogs
2011-08-27 19:27 . 2010-07-26 18:42      111472      ----a-w-      c:\windows\system32\gotomon.dll
2011-08-25 20:46 . 2011-08-25 20:46      --------      d-----w-      c:\program files\Microsoft Analysis Services
2011-08-25 20:46 . 2011-08-25 20:52      --------      d-----w-      c:\windows\SHELLNEW
2011-08-25 20:44 . 2011-08-25 20:44      --------      dc----r-      C:\MSOCache
2011-08-24 23:46 . 2011-08-24 23:46      302592      --sha-w-      C:\EUMONBMP.SYS
2011-08-24 23:43 . 2011-08-06 05:52      184072      ----a-w-      c:\windows\system32\drivers\EuFdDisk.sys
2011-08-24 23:43 . 2011-08-06 05:52      16008      ----a-w-      c:\windows\system32\drivers\eudskacs.sys
2011-08-24 23:43 . 2011-08-06 05:52      38920      ----a-w-      c:\windows\system32\drivers\eubakup.sys
2011-08-24 23:43 . 2011-08-06 05:52      42376      ----a-w-      c:\windows\system32\drivers\EUBKMON.sys
2011-08-24 23:41 . 2011-08-06 05:52      20616      ----a-w-      c:\windows\system32\fbnative.exe
2011-08-24 23:41 . 2011-08-24 23:41      --------      d-----w-      c:\program files\EaseUS
2011-08-23 14:25 . 2011-08-23 14:25      --------      dc----w-      c:\documents and settings\All Users\Application Data\MemeoCommon
2011-08-23 14:24 . 2011-08-23 14:24      --------      d-----w-      c:\documents and settings\LocalService\Local Settings\Application Data\ServiceTest
2011-08-23 14:23 . 2011-08-23 14:29      --------      d-----w-      c:\program files\Memeo
2011-08-23 02:41 . 2011-07-07 00:52      41272      ----a-w-      c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-23 02:41 . 2011-08-23 02:41      --------      d-----w-      c:\program files\Malwarebytes' Anti-Malware
2011-08-23 02:41 . 2011-07-07 00:52      22712      ----a-w-      c:\windows\system32\drivers\mbam.sys
2011-08-23 02:01 . 2011-06-24 14:10      139656      ------w-      c:\windows\system32\dllcache\rdpwd.sys
2011-08-23 02:01 . 2011-07-08 14:02      10496      ------w-      c:\windows\system32\dllcache\ndistapi.sys
2011-08-23 01:09 . 2011-08-23 01:09      --------      d-----w-      c:\program files\Glary Utilities
2011-08-23 01:03 . 2011-08-23 01:03      --------      d-----w-      c:\program files\CCleaner
2011-08-10 19:08 . 2011-08-10 19:08      --------      d-----w-      c:\program files\W3i
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-02 22:12 . 2010-06-12 15:50      256      ----a-w-      c:\documents and settings\mrfec\pool.bin
2011-07-15 13:29 . 2004-08-10 17:51      456320      ----a-w-      c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2004-08-10 17:51      10496      ----a-w-      c:\windows\system32\drivers\ndistapi.sys
2011-07-07 18:08 . 2011-07-18 13:13      17280      ----a-w-      c:\windows\system32\roboot.exe
2011-06-24 14:10 . 2004-08-10 18:01      139656      ----a-w-      c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2004-08-10 17:51      916480      ----a-w-      c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2004-08-10 17:51      43520      ------w-      c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2004-08-10 17:51      1469440      ----a-w-      c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-10 17:51      385024      ------w-      c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-10 17:51      293376      ----a-w-      c:\windows\system32\winsrv.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
"Communicator"="c:\program files\Microsoft Lync\communicator.exe" [2011-07-21 12023568]
"HeadlineAlley_29 Browser Plugin Loader"="c:\progra~1\HEADLI~2\bar\1.bin\29brmon.exe" [2011-04-05 27648]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Nuance PDF Reader-reminder"="c:\program files\Nuance\PDF Reader\Ereg\Ereg.exe" [2010-07-05 333088]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"Logoff"="c:\program files\Windows SteadyState\SCTUINotify.exe" [2008-05-30 163856]
"Bubble"="c:\program files\Windows SteadyState\Bubble.exe" [2008-05-30 182288]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-05-27 273544]
"Adobe ARM"="c:\program files\common files\adobe\arm\1.0\adobearm.exe" [2011-06-06 937920]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe Reader Speed Launcher"="c:\program files\adobe\reader 10.0\reader\reader_sl.exe" [2011-06-06 35736]
"EaseUs Watch"="c:\program files\EaseUS\Todo Backup\bin\EuWatch.exe" [2011-08-06 70792]
"EaseUs Tray"="c:\program files\EaseUS\Todo Backup\bin\TrayNotify.exe" [2011-08-06 744072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="c:\windows\system32\Macromed\Shockwave 8\PostUpdate.exe" [2010-08-05 53248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
2010-07-26 18:42      15216      ----a-w-      c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windows SteadyState]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^mrfec^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 17:55      937920      ----a-w-      c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2010-03-11 03:32      648536      -c--a-w-      c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2011-05-16 12:50      50592      ----a-w-      c:\documents and settings\mrfec\Application Data\mjusbsp\cdloader2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12      15360      ----a-w-      c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 17:09      460784      ----a-w-      c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-01-07 17:10      30192      ----a-w-      c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Updater]
2010-05-09 16:23      161336      ----a-w-      c:\program files\Google\Google Updater\GoogleUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22      3739648      ----a-w-      c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2007-08-30 15:50      205480      ----a-w-      c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2007-08-30 15:50      205480      ----a-w-      c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 03:12      3872080      ----a-w-      c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 06:54      417792      ----a-w-      c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2008-09-19 15:37      236016      ----a-w-      c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 17:59      254696      ----a-w-      c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-13 19:17      68856      ----a-w-      c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
2008-04-14 00:12      143360      ----a-w-      c:\windows\system32\mobsync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YMailAdvisor]
2008-06-05 22:06      125208      ----a-w-      c:\program files\Yahoo!\Common\YMailAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
2005-07-15 21:48      479232      ----a-w-      c:\program files\Google\Gmail Notifier\gnotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AVPath"="\\\\.\\root\\SecurityCenter:AntiVirusProduct.instanceGuid=\"{F5BECBCD-2BE5-47BA-A5C6-F4E8AEC7EDF0}\""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Roxio\\Digital Home 9\\RoxioUpnpService9.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\mrfec\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Lync\\UcMapi.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Documents and Settings\\mrfec\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Microsoft Lync\\communicator.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"8085:TCP"= 8085:TCP:HASP Port
.
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [8/24/2011 6:43 PM 38920]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [8/24/2011 6:43 PM 42376]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\symds.sys [5/22/2011 10:17 AM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\symefa.sys [5/22/2011 10:17 AM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110812.001\BHDrvx86.sys [8/15/2011 6:55 PM 815736]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [8/24/2011 6:43 PM 16008]
R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [8/24/2011 6:43 PM 184072]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\ironx86.sys [5/22/2011 10:17 AM 136312]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2/28/2010 2:33 AM 821664]
R2 DBService;SyncThru Web Admin Service Database Service;c:\program files\Samsung Network Printer Utilities\SyncThru Web Admin Service\WSTSrvDatabase.exe [1/16/2006 3:47 PM 114688]
R2 DispatcherServiceNT;SyncThru Web Admin Service Dispatcher Service;c:\program files\Samsung Network Printer Utilities\SyncThru Web Admin Service\WSTSrvDispatcher.exe [1/16/2006 3:50 PM 106496]
R2 DMService;SyncThru Web Admin Service Device Manager Service;c:\program files\Samsung Network Printer Utilities\SyncThru Web Admin Service\WSTSrvDeviceManager.exe [1/16/2006 3:47 PM 327680]
R2 EaseUS Agent;EaseUS Agent;c:\program files\EaseUS\Todo Backup\bin\Agent.exe [8/24/2011 6:41 PM 60040]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe [5/22/2011 10:17 AM 130008]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [4/24/2010 1:10 AM 483688]
R2 SLPService;SyncThru Web Admin Service SLP Service;c:\program files\Samsung Network Printer Utilities\SyncThru Web Admin Service\WSTSrvSLP.exe [1/16/2006 3:48 PM 110592]
R2 SNMPService;SyncThru Web Admin Service SNMP Service;c:\program files\Samsung Network Printer Utilities\SyncThru Web Admin Service\WSTSrvSNMP.exe [1/16/2006 3:48 PM 229376]
R2 WebServiceNT;SyncThru Web Admin Service Web Server;c:\program files\Samsung Network Printer Utilities\SyncThru Web Admin Service\WSTWebServer.exe [1/16/2006 3:48 PM 126976]
R2 Windows SteadyState;Windows SteadyState Service;c:\program files\Windows SteadyState\SCTSvc.exe [5/30/2008 2:41 PM 115728]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/28/2011 1:17 AM 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110902.030\IDSXpx86.sys [9/2/2011 4:59 PM 356280]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [12/2/2009 10:23 PM 554344]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [12/2/2009 10:23 PM 211432]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [12/2/2009 10:23 PM 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [12/2/2009 10:23 PM 18280]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [4/24/2010 1:10 AM 209768]
S2 gupdate1c9ca11c9487ab8;Google Update Service (gupdate1c9ca11c9487ab8);c:\program files\Google\Update\GoogleUpdate.exe [4/30/2009 11:03 PM 133104]
S2 HeadlineAlley_29Service;HeadlineAlley Service;c:\progra~1\HEADLI~2\bar\1.bin\29barsvc.exe [4/5/2011 5:16 PM 36864]
S3 ADM8511;PA090 USB ETHERNET 10/100 ;c:\windows\system32\drivers\ADM8511.SYS [9/20/2007 9:44 AM 24745]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9/17/2007 8:12 AM 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/30/2009 11:03 PM 133104]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 10:32      128512      ----a-w-      c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-02 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-08-23 23:47]
.
2011-09-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-06 16:28]
.
2011-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-01 04:02]
.
2011-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-01 04:02]
.
2011-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3306005549-1961216853-1550191055-1006Core.job
- c:\documents and settings\mrfec\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-13 01:45]
.
2011-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3306005549-1961216853-1550191055-1006UA.job
- c:\documents and settings\mrfec\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-13 01:45]
.
2011-09-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3306005549-1961216853-1550191055-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
2011-09-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3306005549-1961216853-1550191055-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
2011-09-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3306005549-1961216853-1550191055-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
2011-09-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3306005549-1961216853-1550191055-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
2011-09-02 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2010-11-08 17:29]
.
2011-09-02 c:\windows\Tasks\User_Feed_Synchronization-{204066F4-AD61-46F7-8CA7-60886C7FA41E}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 10:31]
.
2011-09-02 c:\windows\Tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_D2TPPPD1_mrfec.job
- c:\windows\system32\mobsync.exe [2004-08-10 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070917
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.15.1
DPF: {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} - hxxp://192.168.15.151/WebClient.cab
DPF: {A1B8A30B-8AAA-4A3E-8869-1DA509E8A011} - hxxps://reports.igrs-ips.com/crystalreportviewers10/ActiveXControls/ActiveXViewer.cab
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{08f9937e-0a4f-48cf-94e7-827223daec1d} - c:\program files\HeadlineAlley_29\bar\1.bin\29SrcAs.dll
BHO-{f5046a39-68f3-4732-995f-eb2ea26d93fb} - (no file)
Toolbar-Locked - (no file)
Toolbar-{f5046a39-68f3-4732-995f-eb2ea26d93fb} - (no file)
MSConfigStartUp-%PROVIDERID% - bin\sprtcmd.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-VRQ Uploader - c:\program files\NortonVRQ\Engine\5.0.2.7\VRQUploadFiles.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-02 18:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(736)
c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
.
- - - - - - - > 'explorer.exe'(4844)
c:\windows\system32\WININET.dll
c:\progra~1\HEADLI~2\bar\1.bin\29brstub.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\DIAS\CnxDIAS.exe
c:\program files\Google\Update\1.3.21.65\GoogleCrashHandler.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2011-09-02  18:21:05 - machine was rebooted
ComboFix-quarantined-files.txt  2011-09-02 23:21
.
Pre-Run: 125,515,988,992 bytes free
Post-Run: 125,519,052,800 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /bootlog /NoExecute=OptOut
.
- - End Of File - - 65F1DC7F8116ED068D223BB46A828273

And here is the HijackThis log from a scan after ComboFix as well:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:06:20 PM, on 9/3/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows SteadyState\SCTSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Canon\DIAS\CnxDIAS.exe
C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\WSTSrvDatabase.exe
C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\WSTSrvDispatcher.exe
C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\WSTSrvDeviceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe
C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\WSTSrvSLP.exe
C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\WSTSrvSNMP.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\WSTWebServer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Lync\communicator.exe
C:\Program Files\Windows SteadyState\Bubble.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\explorer.exe
C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe
C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe
C:\Documents and Settings\JJAdmin\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070917
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Lync add-on BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: AppGraffiti - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~1\APPGRA~1\APPGRA~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Bing Bar] "C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"
O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Lync\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [Nuance PDF Reader-reminder] "C:\Program Files\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\PDF Reader\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Logoff] C:\Program Files\Windows SteadyState\SCTUINotify.exe
O4 - HKLM\..\Run: [Bubble] C:\Program Files\Windows SteadyState\Bubble.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] c:\program files\adobe\reader 10.0\reader\reader_sl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [EaseUs Watch] "C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe"
O4 - HKLM\..\Run: [EaseUs Tray] "C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\mrfec\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKUS\S-1-5-18\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 8\PostUpdate.exe" 1014021 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 8\PostUpdate.exe" 1014021 (User 'Default user')
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} (WebClient Control) - http://192.168.15.151/WebClient.cab
O16 - DPF: {A1B8A30B-8AAA-4A3E-8869-1DA509E8A011} - https://reports.igrs-ips.com/crystalreportviewers10/ActiveXControls/ActiveXViewer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Driver Information Assist Service - CANON INC. - C:\Program Files\Canon\DIAS\CnxDIAS.exe
O23 - Service: SyncThru Web Admin Service Database Service (DBService) - Unknown owner - C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\WSTSrvDatabase.exe
O23 - Service: SyncThru Web Admin Service Dispatcher Service (DispatcherServiceNT) - Unknown owner - C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\WSTSrvDispatcher.exe
O23 - Service: SyncThru Web Admin Service Device Manager Service (DMService) - Unknown owner - C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\WSTSrvDeviceManager.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EaseUS Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: Google Update Service (gupdate1c9ca11c9487ab8) (gupdate1c9ca11c9487ab8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HeadlineAlley Service (HeadlineAlley_29Service) - HeadlineAlley - C:\PROGRA~1\HEADLI~2\bar\1.bin\29barsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SyncThru Web Admin Service SLP Service (SLPService) - Unknown owner - C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\WSTSrvSLP.exe
O23 - Service: SyncThru Web Admin Service SNMP Service (SNMPService) - Unknown owner - C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\WSTSrvSNMP.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: SyncThru Web Admin Service Web Server (WebServiceNT) - Unknown owner - C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\WSTWebServer.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 17696 bytes

Just for fun (cuz this is just so much fun, right?) try running HitmanPro.

Malwarebytes is excellent at detecting malware/grayware, etc., but this is the only program I've found so far that is good at looking for rootkit viruses.
It's good that you spent so many hours analyzing and repairing the system from viruses; you have learned many things from this. It seems that the malware has been removed, but its entries still remain, and it is very difficult to determine where the virus made those entries. In this situation, if you can repair your PC without a format, then maybe the entries would be gone; otherwise you can restore the registry manually. Also run SFC /scannow to check system files: Sfc /scannow will inspect all of the important Windows files on your computer, including Windows DLL files. If System File Checker finds an issue with any of these protected files, it will replace it.

How to Restore the Registry Hives From a System Restore Snapshot in Windows XP
Part I

Start Windows XP Recovery Console.
Copy the five registry hives (SYSTEM, SOFTWARE, SAM, SECURITY, DEFAULT) from C:\Windows\System32\Config to C:\Windows\Tmp, adding the .bak extension.
Delete the five registry hives from C:\Windows\System32\Config.
Copy the five registry hives from the C:\Windows\Repair folder to C:\Windows\System32\Config.
With this done, you should be able to start Windows XP using the registry that was created during the initial setup of Windows XP. As a result, any changes and settings that occurred after the Setup program was finished are lost.

If you notice that your system is not able to boot after restoring the registry, then copy all the registry hives from C:\Windows\Tmp back to C:\Windows\System32\Config again, removing the .bak extension.
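The same procedure written out as the commands typed at the Recovery Console prompt, added here as an illustration (it is not the answer's own text or Microsoft's article); it assumes Windows is installed in C:\Windows. Recovery Console copy and delete take no wildcards, so each hive is named individually, and the rem lines are comments rather than commands to type.

```cmd
rem Stage 1: back up the current (possibly damaged) hives with a .bak extension
rem (md reports an error if C:\Windows\Tmp already exists; that is harmless)
md C:\Windows\Tmp
copy C:\Windows\System32\Config\SYSTEM   C:\Windows\Tmp\SYSTEM.bak
copy C:\Windows\System32\Config\SOFTWARE C:\Windows\Tmp\SOFTWARE.bak
copy C:\Windows\System32\Config\SAM      C:\Windows\Tmp\SAM.bak
copy C:\Windows\System32\Config\SECURITY C:\Windows\Tmp\SECURITY.bak
copy C:\Windows\System32\Config\DEFAULT  C:\Windows\Tmp\DEFAULT.bak

rem Stage 2: remove the live hives, one per command (no wildcard delete here)
delete C:\Windows\System32\Config\SYSTEM
delete C:\Windows\System32\Config\SOFTWARE
delete C:\Windows\System32\Config\SAM
delete C:\Windows\System32\Config\SECURITY
delete C:\Windows\System32\Config\DEFAULT

rem Stage 3: install the setup-time hives kept in the Repair folder
copy C:\Windows\Repair\SYSTEM   C:\Windows\System32\Config\SYSTEM
copy C:\Windows\Repair\SOFTWARE C:\Windows\System32\Config\SOFTWARE
copy C:\Windows\Repair\SAM      C:\Windows\System32\Config\SAM
copy C:\Windows\Repair\SECURITY C:\Windows\System32\Config\SECURITY
copy C:\Windows\Repair\DEFAULT  C:\Windows\System32\Config\DEFAULT
rem Now type exit to reboot and test; accounts and settings made after setup are gone

rem Rollback (only if Windows no longer boots): restore the backed-up hives
rem under their original names; answer Y when copy asks to overwrite
copy C:\Windows\Tmp\SYSTEM.bak   C:\Windows\System32\Config\SYSTEM
copy C:\Windows\Tmp\SOFTWARE.bak C:\Windows\System32\Config\SOFTWARE
copy C:\Windows\Tmp\SAM.bak      C:\Windows\System32\Config\SAM
copy C:\Windows\Tmp\SECURITY.bak C:\Windows\System32\Config\SECURITY
copy C:\Windows\Tmp\DEFAULT.bak  C:\Windows\System32\Config\DEFAULT
```

Doing the backup stage first is what makes the rollback possible; the .bak copies in C:\Windows\Tmp are the only record of the pre-restore registry.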

Thank you all for your suggestions.

I split the points among those that gave me info that got me started.

The first few scans removed most if not all of the real issues; what was left was taking care of the broken parts of Windows XP Home. A helper from bleepingcomputer guided me through the rest. My friend lucked out in that it was not damaged beyond repair (and I am crazy enough to try it). It did take me a good 24 to 36 hours of work (this includes scan time).

Learned a lot, and again, thank you all!